CVE-2024-4211

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4211
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

2.4 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://portal.microfocus.com/s/article/KM000033543?language=en_US Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*
History

21 Oct 2024, 16:15

Type Values Removed Values Added
CPE cpe:2.3:a:microfocus:application_automation_tools:*:*:*:*:*:jenkins:*:*
References () https://portal.microfocus.com/s/article/KM000033543?language=en_US - () https://portal.microfocus.com/s/article/KM000033543?language=en_US - Vendor Advisory
First Time Microfocus application Automation Tools
Microfocus
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 2.4

18 Oct 2024, 12:53

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de validación incorrecta de la cantidad especificada en la entrada en OpenText Las herramientas de automatización de aplicaciones de OpenText permiten explotar niveles de seguridad de control de acceso configurados incorrectamente. Se han descubierto múltiples comprobaciones de permisos faltantes en la configuración de trabajos de ALM en las herramientas de automatización de aplicaciones de OpenText. La vulnerabilidad podría permitir que los usuarios con permiso general/de lectura enumeren los nombres de servidor de ALM, los nombres de usuario y los ID de cliente configurados para usarse con servidores de ALM. Este problema afecta a las herramientas de automatización de aplicaciones de OpenText: 24.1.0 y anteriores.

16 Oct 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-16 17:15

Updated : 2024-10-21 16:15

NVD link : CVE-2024-4211

Mitre link : CVE-2024-4211

CVE.ORG link : CVE-2024-4211

JSON object : View

Products Affected

microfocus

  • application_automation_tools
CWE
NVD-CWE-noinfo CWE-280

Improper Handling of Insufficient Permissions or Privileges


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024